policy/protocols/ssh/geo-data.zeek

SSH

Geodata based detections for SSH analysis.

Namespace:SSH Imports:base/frameworks/notice, base/protocols/ssh

Summary

Runtime Options

SSH::watched_countries: set &redef

The set of countries for which you’d like to generate notices upon successful login.

Redefinitions

Notice::Type: enum
SSH::Info: record

Detailed Interface

Runtime Options

SSH::watched_countries

Type:

set [string]

Attributes:

&redef

Default:

{
   "RO"
}

The set of countries for which you’d like to generate notices upon successful login.